General
-
Target
44131a0098c8c09a5abc051edde891e73cea39e90ca3d18ddd0d56463f5e1e7f
-
Size
1.2MB
-
Sample
231013-fjl84aef5z
-
MD5
949af418f05b8c4541a6cdf984c3d5fa
-
SHA1
9f66b57c6747d9767625743b1d04b0051dce23c0
-
SHA256
44131a0098c8c09a5abc051edde891e73cea39e90ca3d18ddd0d56463f5e1e7f
-
SHA512
67002911c4a51b86f1cb551fd1e008f2f0420acc54c80bf0f42fe8924aa826d5fa5b95b9018113e38139f5b3d686a352a44f8fa28ef3c5011c102dd9d7510873
-
SSDEEP
24576:sBuqRM9Hm263B/dL4wVoLAJyq46laOICoMcapo8KjZfU2y98DxL1DvxnG:cuqRcHD6D1GLAJGOFi9c2y9O5tG
Static task
static1
Behavioral task
behavioral1
Sample
44131a0098c8c09a5abc051edde891e73cea39e90ca3d18ddd0d56463f5e1e7f.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
44131a0098c8c09a5abc051edde891e73cea39e90ca3d18ddd0d56463f5e1e7f.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
petin
77.91.124.82:19071
-
auth_value
f6cf7a48c0291d1ef5a3440429827d6d
Targets
-
-
Target
44131a0098c8c09a5abc051edde891e73cea39e90ca3d18ddd0d56463f5e1e7f
-
Size
1.2MB
-
MD5
949af418f05b8c4541a6cdf984c3d5fa
-
SHA1
9f66b57c6747d9767625743b1d04b0051dce23c0
-
SHA256
44131a0098c8c09a5abc051edde891e73cea39e90ca3d18ddd0d56463f5e1e7f
-
SHA512
67002911c4a51b86f1cb551fd1e008f2f0420acc54c80bf0f42fe8924aa826d5fa5b95b9018113e38139f5b3d686a352a44f8fa28ef3c5011c102dd9d7510873
-
SSDEEP
24576:sBuqRM9Hm263B/dL4wVoLAJyq46laOICoMcapo8KjZfU2y98DxL1DvxnG:cuqRcHD6D1GLAJGOFi9c2y9O5tG
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1